Developments in Data Privacy for 2018 (1/2)



GDPR and a Brave new Browser

Modern marketing is defined as leveraging information about prospects, to get a message across to the right person at the right time.

In early years, advertisers didn’t have that information, so they sent out a lot of messages in the hope to reach just a few prospects. Advertising had to be annoying, intrusive and in-your-face to make an impact, because it was usually irrelevant.

Now marketing can be less intrusive and more targeted, but for that, a growing amount of data is gathered, to derive ever more exact targeting information from. This practice has raised concern with privacy protectors and lawmakers. Especially worrying to them is the fact that this data can be related to real people of flesh and blood, giving a huge amount of power to a limited number of organizations, usually commercial companies.

The European Union is taking this problem increasingly seriously and will bring into effect a new data protection regulation as per May this year, dubbed GDPR. A lot has been said about this topic already and I will be covering it myself at length in a near future blog post, so for now, I will only touch on it lightly.




The biggest impact the GDPR has for most companies is on the rights that it gives to citizens regarding the data that companies gather about them.

Citizens may

  • access their data,
  • change it,
  • delete it,
  • take it to another supplier and
  • complain about companies’ handling of it

Clearly this has some repercussions on the way companies can store their customers’ data. Many organizations can not even access this type of data themselves in a timely manner, let alone give people access to their own data or manipulate it in a safe and secure way. 

Somewhat worrying is also the fact that the data needs to be stored and managed according to the latest safety and security standards (although exactly what is meant by that is not specified) and solid procedures need to be in place in case things go wrong.

On the other hand, the regulation only refers to data that is personally identifiable, but that includes IP addresses and unique visitor ID’s (to the extent that they can be related back to personal identifiable data by the data handler). At the same time, only online data is affected, particularly organizations with an extensive CRM database, need to think about their strategy.

So please stay tuned for my dedicated GDPR blogpost, in which I will include a step by step guide for companies to get them in line with the requirements,

Next to rules and regulations that are changing, there are some private sector initiatives, that attack the root problem: users not being the master of their own data and this data being in the hands of commercial companies.


The Brave browser


Brendan Eich, the creator of JavaScript, the original Firefox browser and even further back - Netscape(!), introduces yet another browser. This one however doesn't intend to wait until you have prepared your company for GDPR. 

“Brave” the product is called and it is indeed a brave venture to enter an already crowded market of products that few people think more of, than utilities to access the internet with. If you want to have people run warm for a new product like this, you need a lot of leverage and/or a truly innovative product.

And Brave has some tricks up its sleeve to be just that.

When you fire up the browser, you will notice that it is a lot like other browsers, only that an ad block functionality is standard. There’s several levels of blocking, that you can manage on a site by site basis. In the most shielded way, not even site analytics will track you and you will go unnoticed to the site owner.

But ad blocking is just the start. The end goal of Eich is to have Brave become a platform for value exchange between publishers and their readership. The reader will define to what extent they will share their data with the publisher. If they don’t want to share anything, but still want to contribute to the publisher in order for them to be able to run their business, they can buy tokens from Brave that Brave then distributes proportionally among the publishers they most visited that month.

For this, Eich developed his own currency: BAT - short for Basic Attention Token, a so called cryptocurrency based on Ethereum (a Bitcoin competitor) and supported by the online wallet company Uphold. Uphold exchanges cryptocurrencies (also Bitcoin) to and from US dollars and will also do that for BAT. To enter the system as a user, you transfer money to Uphold to buy the tokens. Currently the value of one BAT is around 14 US cents. When you set your monthly budget and Brave will distribute these funds over the publishers.

In order to receive funds, publishers also need to join the program. Early december 2017 Brave claimed 1100 websites and 600 Youtube channels had signed up.

The system also has the potential to let publishers reward users with tokens for watching for instance sponsored content, or require them to pay extra for premium content. That way users wouldn’t have to go through the hassle of registering at multiple publishers, and again having their (payment) data scattered all over the internet.

It sounds like a compelling offering, but will it fly? Personally I think that people may start using the browser as a way to browse privately, but I seriously doubt that they will upload their money to support the publishers if they’re not forced to. And that may be the achilles heel of this initiative; that and the fact that the incumbent browsers will enable private browsing and ad blocking natively as well in 2018, decreasing the need to download and install yet another browser.

On the other hand, in their initial offering, Brave sold 1 billion BATs for $36 million in only 24 seconds. Of course, half of that was bought by only 5 people, but it seems that Eich has at least developed a viable system that aims at the very heart of the online advertising industry, where according to him too many middlemen earn too much money on users’ behavioral and private data.